Specifying a port range with iptables?

Dawes, Stephen Stephen.Dawes at gov.calgary.ab.ca
Thu Apr 11 14:28:22 EDT 2002 

Yes it is,
In looking at the syntax you included in your message, the mistake is 2074 - 2076.
it should read 
2074:2076

HTH
and I will be glad to help with any other iptables questions that you may have.
Steve Dawes
PH:  (403) 268-5527. 
Mailto:  sdawes at gov.calgary.ab.ca 



> -----Original Message-----
> From: Doug Lawlor [mailto:dlawlor at roadrunner.nf.net]
> Sent: 2002 April 11 12:18 PM
> To: speakup at braille.uwo.ca
> Subject: Specifying a port range with iptables?
> 
> 
> Is it possible to specify a port range using iptables?  If I present
> iptables with the following line it gives me a statement 
> something like:
> 
> iptables -A PREROUTING -t nat -p udp -d $MYIP --dport 2074 - 
> 2076 -j DNAT --to 192.168.0.2:2074 - 2076
> 
> "Bad argument `-'
> Try `iptables -h' or 'iptables --help' for more information.  "
> 
> If I take out the spaces between the dashes:
> 
> iptables -A PREROUTING -t nat -p udp -d $MYIP --dport 
> 2074-2076 -j DNAT --to 192.168.0.2:2074-2076
> 
> I get an invalid port specification or something to that effect.  
> 
> Any help on this would be appreciated.  
> 
> Doug
> 
> -- 
> Doug Lawlor <dlawlor at roadrunner.nf.net>
> 
> #!/bin/bash
> # Script: rc.firewall
> # Created on: 17/02/2002
> # Author: Doug Lawlor <dlawlor at roadrunner.nf.net
> # Modified on: 11/04/2002
> 
> # Added code to get the ip from eth0 and 
> # put it into a variable for use in the port forwarding.  
> #simplified the port forwarding setup.  
> # Now uses two lines of scripting instead of 6
> 
> # Grab the IP address from eth0 using 'ifconfig'
> # and put it into a variable.  
> MYIP=`ifconfig eth0 | sed '/.*addr:/!d;s///;s/ .*//'`
> 
> # Proform Address translation on all packets going out eth0
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
> 
> # Open the following ports for Speak Freely
> # Forward ports 2074-2076 to 192.168.0.2
> 
> # Forward ports 4074-4076 to 192.168.0.2
> iptables -A PREROUTING -t nat -p udp -d $MYIP --dport 4074 - 
> 4076 -j DNAT --to 192.168.0.2:4074 - 4076
> 
> # End rc.firewall
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

More information about the Speakup mailing list